New protocol from Guardtime hopes to unseat RSA for authentication, digital signatures

Data integrity vendor Guardtime hopes its newly announced protocol will replace RSA for the purposes of authentication and digital signatures, touting it as easier to manage and less vulnerable to hacking.

Data integrity vendor Guardtime hopes its newly announced protocol will replace RSA for the purposes of authentication and digital signatures, touting it as easier to manage and less vulnerable to hacking.

Called BLT, the protocol name comes from the last initials of its inventors, Ahto Buldas, Risto Laanoja and Ahto Truu, just as RSA comes from the last initials of its inventors, Ron Rivest, Adi Shamir and Leonard Adleman.

Rather than relying on public and private keys (PKI) as RSA does, BLT is based on hash-function cryptography, which requires no keys and so requires no issuing, updating or revoking of keys. As a result, it can scale to cover exabytes (1018 bytes) with little overhead, says the company's CEO Mike Gault. And there are no cryptographic secrets to be compromised.

In addition, the protocol, which is built on Guardtime's Keyless Signature Infrastructure (KSI) technology, invokes one-way hashes that cannot be broken, even under attack from the theoretical capabilities of quantum computers. The company points to its recently published mathematical proof of BLT's effectiveness to back up its claim with further proof here and here.

KSI is the technology on which the company bases Black Lantern system for ensuring the integrity of digital assets. It can be used to create a hashed signature of a digital asset when it is in a known good state. Based on constant monitoring of these time-stamped hashes, the system can verify that data, operating systems, applications and configurations have not been altered.

The hash signatures are reviewed every second, so any changes are caught almost immediately. The changes mean something about the asset itself has changed, and that might represent an attack that can then be checked out by third-party security platforms or security staff.

"That's the true value of it," says Phil Hochmuth, an analyst with Strategy Analytics. "It's a way to get rapid alert to a breach. It could be applied to the Internet of Things or any vastly distributed network."

Gartner Analyst Mary Ruddy says the distributed, scalable and light-weight nature of the system make it seem feasible for deploying on digital assets that it might otherwise not be economically viable to cover.

Like Bitcoin, Black Lantern uses an open-ledger system in which derived hash-value trees are maintained by Guardtime in order to monitor for changes. In the case of Bitcoin the values represent transactions; in the case of Guardtime, it's the hashed signatures of the assets being tracked.

Guardtime's technology also underpins a service being sold commercially by Ericsson that determines whether systems customers purchase have been altered after delivery, as well as to verify the integrity of operating systems, applications and configurations, says Jason Hoffman, head of technology and cloud systems for Ericsson.

He says it can be used not only to verify the integrity of, say, a sensor in a network, but also the data gathered by the sensor. That makes it possible to verify that the data collected matches the data delivered from the sensor.

Ericsson's service is being offered only to limited customers right now but will be rolled out generally to customers in North America and Europe next year, Hoffman says.

BLT will be available on Black Lantern gear this fall.

Based in Estonia, Guardtime was founded in 2006 and backed privately by Gault initially, but by other private investors since then. Gault, a former derivatives trader, met the Estonian researchers while he was a graduate student in Japan, heard about their scheme and relocated to Estonia to help with the company.

Guardtime says its annual revenue has grown from $100,000 in 2012, to $10 million last year. Revenues for the first quarter of this year were $20 million, it says.

Copyright 2016 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.